In 2016, G7 Makes Cybersecurity a Priority and Paves the Way for Track 1.5 Multi-Stakeholder Discussions

Leaders from Japan, Canada, France, Germany, Italy, the UK, and the US, as well as representatives of the European Union, gathered for the G7 Ise-Shima Summit in Japan May 26-27 to address major global economic and political challenges. Notably, for the first time at a G7 Summit, their discussions included cybersecurity. In fact, the “G7 Ise-Shima Leaders’ Declaration” released May 27 contains several consensus items regarding cybersecurity, captured as a standalone topic, reflecting the critical importance and geopolitical consequences of this issue in today’s world.

Among other things, the Leaders’ Declaration endorses the G7 Principles and Actions on Cyber, which promote security and stability in cyberspace as well as the digital economy, and commits the leaders “to take decisive action” regarding those Principles. Cybersecurity came up not only in this Summit, but also in an array of related G7 meetings leading up to it this spring: the G7 Foreign Ministers’ Meeting April 10-11, the G7 ICT Ministers’ Meeting April 29-30, the G7 Finance Ministers and Central Bank Governors Meeting May 20-21, and the G7 Energy Ministerial Meeting May 1-2. This consistent discussion reflects governments’ growing concerns over the malicious use of cyberspace by hackers, criminals, state actors, and terrorists, as well as emerging global trends that challenge an open and interoperable cyberspace—all of which threaten our critical infrastructure, digital economy and economic growth.

Given growing concerns over the current economic downturn in many countries, it makes sense that the Leaders focused on the economic contribution of cyberspace, and confirmed that “an accessible, open, interoperable, reliable and secure cyberspace” is an “essential foundation for economic growth and prosperity.” Indeed, cyberspace is a fundamental enabler of our digital lifestyle, although malicious actors can use it to threaten our daily lives, economies, and national or international security.

This vision of cyberspace as a foundation for progress is shared by the G7 host country, Japan, whose Cybersecurity Strategy 2015 was the first Japanese national information securitystrategy to recognize that cyberspace is also a frontier for innovation and sustainable economic growth.

We welcome the G7 Leaders’ decision to launch a new G7 working group on cyber to enhance policy coordination and practical cooperation to promote security and stability in cyberspace. The Declaration does not say who will populate the working group. While we expect the core members to be government officials, it is crucial to adopt a multi-stakeholder or “Track 1.5” approach to incorporate industry input. Governments and the private sector alike seek greater cybersecurity and resilience, and it is necessary to combine government insights about policy and national strategy with industry knowledge about technical innovation for cyber threat prevention and defense. All players must participate to ensure that the envisioned coordination and cooperation is practical and feasible.

It also is commendable that the G7 is focusing on cybersecurity in critical industry sectors dependent on cyber infrastructure, namely finance and energy. The Declaration highlights the work of the G7 Cyber Experts Group in the financial area to foster cybersecurity and enhance cooperation among G7 countries in this arena. This is important, given the ongoing trend of cybercrimes targeting the financial sector, such as the theft of $81 million from Bangladesh’s central bank in February 2016.

In the Joint Statement from the G7 Energy Ministerial Meeting earlier in May, the Ministers committed to advancing resilient energy systems including electricity, gas and oil, in order to respond effectively to emerging cyber threats and to maintain critical functions. The usefulness of this commitment is evidenced by the power outage, caused by cyber-attacks, which affected 225,000 people in Ukraine in December 2015. Such cyber sabotage against critical infrastructure can potentially disrupt medical services and other key social services, leading to the loss of lives. These areas of focus demonstrate the G7 countries’ concern about the potential damages to these sectors of critical infrastructure, which can sap competitiveness, cause a loss in business and consumer confidence, and dampen the countries’ economic strength and security.

Finally, it is meaningful that this heavy emphasis on cybersecurity was made at the series of G7 meetings hosted by Japan. We are sure that Japan played an important role in ensuring this emphasis. Japan has its own internal interests, including the security of the electric power industry in the wake of the Great East Japan Earthquake in 2011 (which led to catastrophic consequences with the cascading impacts from the Fukushima Daiichi nuclear power plant accident). As the host of the G7 Summit 2016 and the upcoming Tokyo Summer Olympic Games in 2020, Japan is expected to set an example of cybersecurity and the protection of critical infrastructure. Best practices and new partnerships will be born from the lessons.

The next steps for the G7 leaders and the new G7 cyber working group are to figure out how to overcome silos and facilitate smooth communication across borders, among key players in government and industry. While bureaucratic stove piping is not unique to cybersecurity, the repercussions can be more problematic when cyber attacks or threats affect multiple sectors, governmental agencies, and countries. Given that attackers will always try to exploit the weakest link, the scale of global Internet interconnectivity means that one country’s robust cyber defenses – or economic prosperity – may be weakened if its counterparts fail to protect themselves. This could lead to information breaches and compromised systems or networks globally.

The call for a multi-stakeholder approach to cybersecurity across borders is not new, but has been slow to gain solid footing. It could be that we have lacked clear goals or deadlines. The Tokyo Olympic Games 2020 would be a golden opportunity to create a prototype of a Track 1.5 cybersecurity dialogue and information-sharing framework. Only four years away, the event has a wide variety of stakeholders, including the G7 countries. Such a prototype can help pave the way to more efficient global cooperation on cybercrime and critical infrastructure protection.

This is the second in a series of blogs co-authored by Mihoko Matsubara and Danielle Krizaimed at introducing Japan’s cybersecurity efforts and their significance to a global audience, including governments, global industry, and other thought leaders. Subsequent blogs are expected to cover additional thoughts on the METI/IPA Cybersecurity Guidelines, Japan’s role in global cybersecurity capacity-building, cyber threat information-sharing and prospects for Japan, the cybersecurity ramifications of planning for the Tokyo Olympic Games 2020, and other topics.

Mihoko Matsubara and Danielle Kriz

[Palo Alto Networks Research Center]